Keystone at the Center of Our Universe

Keystone at the Center
of Our Universe
Dawei Ding, Fangzhou Xu, Subbu Allamaraju
eBay Inc

What does our
universe look like?

AZs
Where can find the cloud?
Where do I login?
What’s where?
Cross-AZ operations
User and role management

VPCs
Segmented security zones
Same services
Different auth and access policies

Layers
Above
PaaS, XaaS
Kubernetes
Other cloud services
Headless access

Layers
Below
Hypervisor provisioning
Below-cloud tools
Operators

IAMwithout actually managing users
Global, available, secure
Semi-trusted cloud
services
(in the control plane)
Untrusted cloud
users

Global Keystone
in a Trusted
Control Plane
Multi-factor
authentication
API Keys
API Extensions

LB VIP LB VIP LB VIP
Donor
…
DNS routing (affinity based) for DB
ks
LB VIP
ks… ks
LB VIP
ks… ks
LB VIP
ks…
DNS routing (affinity based) for Keystone service
Galera based replication of select tables

10 new tokens/sec on average – peak at 100
tokens/sec
High write latencies (~400 msec)
Started with PKI, moved to PKIZ (60%
reduction)

PKIZ_eJytXVtzokrXvl-_4rufemsD6szkUkUJ7HQzEAS77yLMyDHJTA4cfv23GjXxAIjO3lWpXZMorn56HZ516PZ__8P_JjNNp_83JffiH_8Doht3P9bM-PeJ6-G7T8eWP33C391V0-l9-TIdW7NCdcZ3k3W6DpP1hFtkNl7P8nWSkck6-Q1hEmk3uTSZ5Np6naQ3E90wfi5fIubRmC9ppcdP65-
lIa2U13QV6V_125foAX8feG6yVOYSiBfosZ4TZ_FKnDH-pAui6l9JjD_q-I3GC8lUfUmP8rWeuUNfS0u-JJEZjSMSjwug91JBplJJ5lZO4qcSf3Iyf4rupuPowbPqF_paETLFfVopRcKXev23QHPfmDfaSIAixqvB5qlcc5XNp43ClbfY_C6bv_FBKG9-
T0vuzaXVQK__BixbDKljRyxey6SiMdXEz0zhappQNYyYYimmGsYsTupP5t4oZFmR8qnAwy4h8BYv-tRQfO1YgjTZ4LMoqWOEPB6PiLKQxIeRig2ZE8QsIwPgKlF4PA-JE0SbN9qpr9DyYTmRHrybt_ohyVwOtO9rNjBStrTx08dPbOniMuwUVrg-Nkie9UdJSBIGnv0czG-e-a2QaLJC5GXizB-
4bMmLlP8giSQTbVG6Czk0Z7MIlsv6jRVfGsqDR1ML95Z5xTsvcY3z12_4gDd-O3l_QMR9-eYF___H3_wtEJgAgpL42s3z6tGulcYbvER-5j5-iJ8Vil-Nyy0ub7h9JUr94roGEX8HPQul4Hb89a68efdL-ZUv7XA1HSkPy_Hb6pZXqFRv3DPCnx6p7jL6vnKeFFKt5R3QW01cD0hMQ6rSDBUmZY5VmU4Qctw-
orHC1JhiejQkKtto5ONExq18ZrJ7D47Yz6nxFNzauRl9f0eFel15LuKQvwVZmt9tl3CXuRFbpjEpR_FKkb7SmAzpvXEDd9PJN_3RSLmSvtfGMjXyh9t1TiJdgCuwSX2hlXP3vunD4ODTHidPP9W2T9s8sNbAqT4QSkUUIgPVdNnUCP7DSJjDFIpaxrNFTisjpfFMpmX9xjzwDNxC6i6SvNbYh1tb8tWnd7hTbqo7T04Db
f5y98if_elou4RRyrL5iFXkjSk3r2bMKlNdRL_uc2F8aFDB80oZRrAx13CI2_XqD-hL2363bTeI_d4-
oHO_N9ttRLjcgjpoTpmREcdOAD3OiMcBrncSMSfEvWcVdybJ8X63bTf02wHjpmG7q5VGctiifHa_D7ebvrBqPBAfBt37bcQ0DiPT0RUa6xXuiMRjHpuaGxFnghiMR0AzIjFnVvL77v1u2O7dElr22639hPRzOUk322iEaObb7as_DL2ynG6sMUvLlTJ6ZuUWrDNOZN-HwM6JMM9-
xRe2iI56sZygX1zsW2hxAiJGoAGd3igk-i4T9MbMY7np0JSqC4nFRDG12YApCKxiVeg5CsRuAGxjth-
6LT5944lmdRzwb91opaVxi0rHsFLkPEBXvUX2JXgkObk_BnY9oJX1HsT6O3V0mWTzjKgJaqxVmzPGozCkCo1YFSSk4hnxZgVV9G18HEnosRHxohEf6AKoDz7QBdAWn50XKvHvEcXlsGoxIhjySYWRyfR4TBxLYcosp6qFD-GZOW00ng0-R74S2oxHgIc7IPH7zhgxBFr50t2AlXdVdxQ-
DcIbJ4OaiGKiHzCdsUSyRcVVa8SUOarrTOLqoiAeG_DYl9EKwyYnA9eKvpMcLhJdUIDbQ7uBs4azcXWtegGXGE6T3cDGpfcznCO7qQMQXGI4TXYDlxhOEz7QBVAffKDFcCSqzVNUrFKwEtxWydSMFJVNZo4b0gyXhiyGOeshmM1RpzfJgCbtawm2wya7gUsMR4-
toenNFBOjsqkmGJDQH3CHRxiuC1KJP6xlqibI2E7ZWJvJw7Wi7ySHSwynSS_gUDHqsH2RXsAlhuMrRXxsN9DTcOpQ3mQ3cInhNNkN9DecZnzgmoi8bzfoVJH7YOZWG0dsDYhmSSQ2UNPsjFWWzLPZkCpkgFEoaWJr8Gk4cuUr-cV-
Abo4Yp_lwZmAmlNnVnBVL6iGbD5eYx69qJhn4e_thHt2CMTRR6ZnZzzqoHm3pNWxQhO1vyRWwiWG06AXA_gbhypwg27D8c8GHGgznFMK3Bxw4BLDaVIs6AKoDz5wieGIfJGhf0TJULEwh6gSCd26jtFmLSOVQYUiMioVJhS48si4Wd4Lz2yPfG1TS_mMHyd0f_QeZLNdTpiuMjtfKZj63dJfiP7bw2BTjKgfuJ8KlMIaR
ZGhiQ_e982dM1cKlJvyodwnVbPj2DCicXJUnDESwe5wG5ksqB1XUdcVMqKOG1OkslRjI6q6ITLZqCtKwUdad4kkW9sRpRLoWys5cvtvmHwNVgPjDxwkGicZe4IBlx3U1WiG2aW6GOBSQ6ItkKGoQYZRucT8OaJqGpkqrj2zBYPvw9zeYCdKH0mOawcnPPG8Nx6lwW3w7mcvZ1iag8s4tIGKVH5BYxvdGY84EhDqGbh0dC
hEtdD3BZhMBwhOmPFpnxz6UxLoJNS1JN0sDnrVDo6UbJ8KQbe-h5ilTRKSiRLRPKGYnJmePiLOLGcZZjLqAtN_xU05srReNZMGSaCBlZ3o-4e6bznCvrpDH33vojnQpO_E8QsWsyGuOWcOmrYwdyTfHOMoE0xVNTKWzQbcSSLoo-
9dkkAffe8qlbXRvONPbSnQJQocr58ppDBFtFLXJakWgljEXE0zohkhmv0QwwDisRDRrH4fNK9_UvXRQrH1UO99R63sXKms1aluw_tZ9w56RjBrNzKMc5ipEwX3fsTiBF84Ez9DUyPIFfE1jpH1yt4vkuRRDmpFCm7THAOmWNfH9h03KfDBcnBrID6H5TLoUy_rqLkX0DOQSH52oxwWJWYnDkUkVyPkiMVdPO6dP8AnD9p
qYswKEuMLNGTwcZhRVdRSkkIweVPjoaly_B0ZUHXcpYnnRd9JDteKLiQXlgvHprut2vSLVEsbXdqAp91xURDMBAnm7I1ML88bP-oJmHQX6MKGBHME00H2rrABknNMfWPMlTJWMidMqeh2nWkH7ETfSQ7Xit6R8nTEwgbq19ikEUYTZOcrWea9qGTdD_NrS4E6LgPdepgwj6dcdTGAWqi-Y-
SMk5iqPCTVTCaaXpcK22InXCv6TnK4tBR4GGw3HKkvuTwwrJ17h4aCy0WGdVSM27JRTc9Nj6G3xjjlGag4Vk6cNGUVKxHcGD23bKoElW7cKzo3in4Ymf7CJ0BjON-r1pwvzu9ZVle1ps2wLinOI9U1Mo7AUhVTPnWN7-MxmKol0SoNaUbwqVaJYWxE-9DdreRwreg7yaFZ9C5-
fFisgXNedw_gRp4EfV1XG8CwRXhIMwGmi2rsZmidUq00oheN4YxoohRKSqrZ8THA0FKt6VTfDa_a-ISr2gP7PgG2DHxwlU9AlYcG_nORYcFpvWTL2DUisQpFr3xR0UMAUdHwzQS5AXqEDFl7ThQLvXK_DPVE9J3k_w3FOW2P2mGgzdGd0_SY7m1d_0e5BC6pl2xmMubJykvf2kYonlfe_LGLEwmWSuJkEwrQ2KCl-
HIm9U1fmRcc8YMTX5BgTOxdCvt8Yr8HbnVFnYeY8tiYwrERd2iCBDJnMaY1jj4w1XVBBSdSRWDRG5MxgRH0pnRNUqJzgXNioiQjhhJxxx-RaowqjeGuClOiiRZ7EAHPOIruK8RZ9FHpk21uTL7rfe5VqE1fYW9dWybWjv4xuRAMBvrUDR48OeRKM_WBz3qJPuo7PrP_QGgvwHw-
cMeXRQkAE8MUdQZ9JPpPdY6x0ZvJFC2di3KYh54mxhz9TOWmV-O6Yd2n7QOUEo7ERFlQdRU25M4CXfoY8yWmmE6YsQpdvzqrMKeqkCOVbMvqoa_ZdsTGzT5vjSXkGmpb2mdZm4rOaXX_E_2zXS6h7nBO37dvbHVr0COcdT4QThzlZ3dzRJw5RigjxnQgEY4H2WpEkcFyjw2pMiu56g-R4lh5GxOv935Jq-
3oTKOKwzXKQ45aZYXpkNxUJ1ld4fVQx-PxkMULTMKRG6IioTKVNEbK0-DyoYGdHILWyE52VYx5Avth6jz6p7UU2A9TLTWkzigFR_re0uFpj1INIxSXPRA-w9S6En0WorihqY4VUYQkzhpzSH-AuyHhXiQ8XlTogA74xG6kqv7UkwFXpQhXGZKMraLtl4aWSvG8yl63I1Vy_cS95syGZDRXN2Y9u75LO11p9RRY-
XMvEjV3fcvDLicS7pwIbuyskeIJDm1jfi3GbBYDNKYBVSdIsuxIvA96ZCadksBBH63sP4e0s8iTciA6lxcuRuhujdH56o6_yVw_Ul5njmvDxMshQ1xvRVWkwBXqAioT6oDE40nKPatg1Se7hS56y70iFWOF_mPSOrMKZ9bfWnxprmCcrr-FM2zWf2ALTFkUwl0xsVbNTjFXipkyz0yVppicViZmNZiEjTBj7TUBcbr-
FhoAZ9d_hnTA2fW37P9u-2uHQhWesniM2dmsQKZa1GvV9AHSjZHpWTKrZiNaEZko_WJj2_ob5xOgZf3bbL7nOFHD-jvKAf4BFUa3bmQc18tEYV7F4KnORRkI_cA8pdVCQWYs6I7oTTdS4eOUp2H9HfM5ZefMdr-pEGjzOh2zSYOj8cIZ-
nyiYFqLmftC5uIogudGmN5GGCMy6viYvSAzzZjS2aDwq3Yf2BWh4ZrGzL76Q9P-N49PHO6_cPW48Zj-I8EmjvD1dsg8TO_RIoiHrEWlEVLboZhE6EqF4Mz-
N49RlJ_DDbCbbhBvxr3GgLkRFXnj67ZxE3MvfVkpYlraLY8DLexH2msCLfTrI_D31S1ubY8mjVJXMC4oDcHRWESIWarCNZ7ReIIPsESWGnLPjomCiYgzw4dZhRi_2mkldKV7QXbzEqCedGX122IcE8W4ixs0Ali4vkGzARZ6zOR2AgvnewiLoj6aoliFGOiisY2g6kMxckCrSQTIwhNccym4T588-
hhYaGcf_YCFJmRPm9btVW7oUtntmzuB7d_hOAA2wYRrnZuOeECGjlO1SjHAgukOpjpINFVBthaK6TU70tPQdohsB605BfbsVFjHNMCOI13mC7o6HBf7gl3uvEE2E1mJnWEkRkY6RsZux8jWhzybYf6YZjSrRykUWrnpPrDQU2Vb-
RL8jS8QwMI1jZl9YKGjyNALWOhW2RmmfG5CvHnCqnr8bNNOFMvV2IBkZIhMFdfcEvvPALs5y9NXZc826y4dYGljacpKKWTMXM8yVBqJDsd3Ga6ZEMbcUmFZ_dpCgChjkoVqvBiaogQc-0PTCTGk46c6RnRughYuEL0R2M6zPO2tRL9vp-
vIFzTUUeBvfMHeCct5zBE80ZChsS7TyqqIGB3K5vgwMjA1HRk7K1m1Polezc37BpVt5o7sHS72BUf9GKS6O6A-h1c3Lo4ic0OqG3UfVYNLZ2_6DnVVyJ9DtiTdx7TE2T4yvdm9-LD9Ic53KiKHXhTUQa-sIZd2kmFdQ1AnEXcw14rXQhN79RVaJYJjkfYlauur7BOxM6pMJR-
VyS_biRjUBVk1ye8GuxcfHpBEXyExJ8yEulMP8ypPDPzpI1IR1FxxvlGAlS0G_brdpxI191gOJOqurfQa8vQHNrq9edVEQPbHC9Evjt93Lz4MMKIYTUYUrZY6FPNrayhshcVrwZGMxBSsEw2HamTUJ8DsSwQd7aFDif6DOZRDbdw63ob-
wqE2HiSbnp2Y9ekJ1IPMDqk2E9u4HoomPfNEYEkGGHkxFWe97QOORTonUfOB6YvYyaE2QmsLpNU-dFFPHHFVz2k2U8D0RI99ghjYoami943RhdYD4HZEu-Li5yDLoUj9JPq0D7i2-LLDAw4-vbnw0oVHCSyeVcgFMsHEMImQUPwBc8RUDKtMTbSRw4Q4mEe0dMThqD3SqK7HPGHfPqBlKrrvTEYFh5_YUvbosA-
MC0TmuGZxYQBB4MRMpgANiZXQh4zFbsYqv0J96VWMqy6VCGoDOR6heBRb5oaihcTLo6j9eKhMcMkJ86aoDW1huwX1J3GRyH5Fo4lsY-
JpXU62D0J7lQxonCbIVDORJ1ANPTayV4psVlxxQKswM9UZujWr12Tcidj7UsM1Yv93k7JemKIeWJ03bpjqOK8PQd1fNFZ2mBtQzUUvtS4YqrboO7FYRzDnoekIilP5A6K6EVEXRb9LFMJ0X2q4RuyWw8L_QZPmQXPDYNpdgCHqWNpPDeDyAow_FPkUVWYFAoq2IAY2nTRErSqoxjHFFUlYIjNnG_bPkA24RuyLzvo29eP
7HkPZN6K2CkYO1xjRYYukEpEH_5ARiWd2RsVNRBi20dZF6xjXTxMeo-2rzQNwx165l9j7UsM1hZf9LBb6n-faM6K9xg1ca0THV3ns8oNI3EqBHKji6qyoywKxmJQXE_M8xrA3oOIOHc1Seo7SNIt91G-8XOx90_87jnTgVFsLLn_vVDH1XxdE0Uvi-
KgvPiZeorm7ViimBEiy7Agz0IJ7qLpdQxufPOpAW9uOK_euZkC77fcjW9AgVlvFojF-9jwsvGuP4YNV0Q2jiVgAZvS4jfFajBZn3GP4VHGei6Iq97pYo5YarhF7X2roU2jRs5uSKWFaU9ylXfuDXTsNtv20WpyugZW2Nhr0HVg5sYetYokz3-
WddxM9ZG4cTFsHVmoc7iWXL48UDPrHRARQFGJE6yyeoX1YYkuHgNY14tlcJBU5y2hGq3XeFRM_m7v660oxfgP36D6Fa5gMv7mz3fTXZdvYo3qzA7Ztbr03sNCEbH9gQzHsi-KLkYlKEA07MsX8XYW0TpmVpsMTMV5LKiNtAxaakL0E2L-LjZuDsv1UtgnY-gF9VbbbJx6qLAK5LkxPF3FgxJ3NHA6LE3EsB-
PjoiAak2g8KzZtop4quwesiGDHh0TPq2zvhGO_j9YHWGhC9hJg24nmYTFuhOwNXbkRE80Vg1-Dejzdw-BKnUmKibWC-iCLvvslvkAAC03IXgIs9G9KNGts05ToqcriA9qAhet9wcbJwrGXbXCynUfaoUNlRbw8Cyz8jS8QbTQ4f2fi5-
lrP5LfWfacsoG1d__BtIEfSa9zz738QpXPGU1FH2DmNsLUTuaxuDxEXB7gIqDInzVDXCIh76aH22c0z7iy4xnNi13Zjt1dWUv7BBZOkcUHlP2B7XtUV0GpJFFTIxlDJ2tJyJtzMasAm0OPi5zE65FI8ToLsQ3AQh-
L6wL2tHH9KAdHR9l3GIm2wLufLQ4mpoQeVIGSZsH08usf68y19frHvTF0rrm4nam0G3Q7bhNJVCXiyp43Mr38NkfYV4oHz05RtOfgdjdae3QtqNi-UtzMM8x3igbnNO3cQ6HhqVufZ6dc3G7q0JApdkRjS-IaGbJKOBwjQ0ej1KdIMK0ddR78OQPm_lhZDzD1rjnV68A8c33B-
YdCxxbtKlcyF0Munuh9TGJxcyWtxF0YRsZVjrHRYZjGinlcq7gGTDhWzXNgHl-X2DD0fRmYcKyal4J50mtrBxO9lYYOzxE-
0UItFPPruATTc1NxspKKex8qMjDVeffdYUdgQpud9wNT7yqN9wMT2uy8L5hwgfNIdhdaM3TApmaJ4eASeCySyWRk1le_sYKqbkxjXRKH5fuACeec5jkwoe2sVl8w4ZzTPBudr_DEHzkjixnaghg3R2QxZ0xp7EaiHcwyJhN1PeAZj8UIcheY0DcCtYEJreNT5yi_lyZcjFA8LO3duPVRBWdx_Int7YHjp17y0N2594qLs
0zOuESqmzKHSGjWGYuNCPPFXMweEA8BjtGZRp8HwkQzD652Z6pVba7FjccNR1D3qN4ZMOGadbfeRnINmLB76setZJmuUGeM0WgxFIMr-H8ElCcUeSJV7YRoCCRSQra9mA_2b-bbA-54dv0PX6ZVoN288fvd0Ltbia9SELW0b5t_7E9D8XCVBcNg018qV0qRNjG2j3Msl36Fgp_dvGy-
BWKyEtn75ycncrryjL05rM8zbr7ilqgP8ccStn-rJfj4hofNNyDUF5JzbS4xsf7Nl1b82phybXj5vhR1PVGP02wzIpWmdclDXAPorEe4jJHwC-iBMbNLStzKTfIZuwmrFjLRrFLM4oi0r8LwNqzL3-piYHoWsjHkYxkp9VTa2r78ju5NSJL40WYWg8S-0INhfhfPol9L-YYwfRI60-mYzcQXeORLdbIk1ks-
tZjqWpY2yw13Uc1MMs61sbzAF-VzcL0RbqFVqPGYTNbUnYx9MnFdpP-uRKxhro7rN_-rjl139UjTQJ0xMmH1A8Z5_gOCQSCa85gzy_lKW9SqOl7PJmT8ok29qXY_nqfj3JqOnTEVXx2y--YQlHA-Ht9PYWyNfZ2PvK_piya_TqSR8yI72fLPQ3pPyevX8nF6-
_ufdya_zC3NHrk0lebz_MdMWdy7v97_yDdgrydm9Xv4Og_Lt5y8BvaAfbN-TrWEjb78kcNk_fItVY3vaagH6u-gNL-o3-mLdLdg1lt6645MWOvFPLVG36vxl39nlvHgr99e9J_ffqsrXTezyJ58mSTWjePiCqrZr6GcBPY4nr-ohvbnycztDAa36oP66zdTgptf93fPD-rD95_K9_ev7tM_Qfrtwfph3S-
MIImWqj0kxfx3Ov_5xfv5q1qojytC8xTek2C1nMbxg1Epk69vGvvH-vos6-HLq2P_uvnzQgL5S07kwd03Oi9f7d_DP8atnP74viz-WSzfv_4L_Nmd28sn5kfBTP0ufSkr5U374sVQf9_LjKqf3_3y_09KU24=
8k
More AZs and more cloud services lead to
humongous tokens

PKIZ_eJylmMly2zgQhu94irm7UuYiKtZhDtzExQIYUlwE3ETS4S4p1sLl6adJ2YmT2HFc4yqVLYAAGn9_bPzwp0_wo-iGRf5R8Xr88glhy1q1LrXv98zKLwmR3UTdQ9uxVFV1PlNlV-80X14pWZ3lVaYwF-typrdZtv-
iZNU3lFeFsWg5RWmNDBplxbLsW_NY0IiUbEMGq9xnD73NxcKpjgtrbkHfFtrTKKw2wpJD4wNWabXYD07Yl-FTB1iz5tiv5njIzo5POcfPOqtoM6sJZ4lR92yDC6eQC1zKHSJrrsMq1-Ol2-Jy3zn-fnCW-2KlysU2cqcHE6PLqRDuY6Gr2Maa-
lIjPNNIukYAIZaxeJ2VGaFwXU3K4yi4tjXLMxNz_tpOehYtuVi0pj5Em2BGfK-gZcbjgZTEGD-6wLS6IlpeUMEVHC0vaVlNK7NIymnT1Uwd9fB6lEbB0VJtITF-
jaCurvoEPfHtnJWyhIWAGxfDA51RPy1pg0XENCywcpljPy2uA706EUi_3SjcNlqcp0mqJZ8adxkV7ZpuPFhd3tNNCNvwahTD_qhYHawdN0aSp5F3SJeLAzPHiJTY2h1UujvMY33RBJCltYj7rRBugtrj_Uov0GYzDRzYxha2EaldyC2NugvrYY_L02dI3ZmZymULiif84gi_H5NrXzpqgkCUKjEWh3jnTdBE4rFImnD3
PfymE5JBfuKgPkP6eoj6GIY2HvuR1eRcasrzVb-4JD0vQK55SN85bep29TR41YQF3dQl7qUyFri5oyUiKRYCXt_xCIPKNKKt45OaaAFHSyw4hi5SwS6J4A6koR314XthjVs9TOlTLRij96TxGsRK2sIEHCnxjALfdCAF84NunAz7Oof7aWCbRjbsn4RB1U7p3poel2j7C1oJi2G1YZfYDE9sLQnbjXyOTTZgTT-
zyM4fIjysGnKJ_f2MDImwEmm3Gn6wgV6D4yc2xvSarwrbj8Ki15T9C2H7Z2HRa8p-RFj0QlkeA0gsIhX2xxeLAlBh4WiBSMukpSUdmAbvQxnC-_hDWPSasm8La_0mLHpN2Y8Ii74ru1P2D9rbyL4lLJqUfRr8J2TfEha9g6yEG3eGtQomYDUrXQ6XmeD4de0YVo9h0bGg8KSsG1L8GdnXhE2MfIb-
Ftm3hEV_RPaqTf8nYdGbyD4Nfk9Y9PFaYBdQ-ivWBDwxaAsaWBwdgpljMNiKJTFQ2_FdqA8Jz9bvC4teU_Y1ZN8SFn24FuzIkb4osuhDteBp8Eth0f-pBaOw6AnZDqwEz7RlzgwskMjlHM1qnWjcr9KQwS4dLYM9s9-IRX-
FrNCVbxGL_k8tGIVFL5FdgfeJ1eve4Kirk9FkLMO1fwVon5pe6xR3FzAjp7RZHNOIr9Fqxw6JKrVbM2txIdW0WUp0wGcqLE5OmYlkoJe01C_Eh5rZLBt4tQfmu0ChBXYkzxERSEGHtMIDa3Ckd0SwfvJHpLHr8WEotBLx9QEwrkHQnvlUdLRqBgUlhFX1njZ0GpiYYREbdfkzF8rwa-jPkaPXQv-
IsOgdZMX3iiz6A7Li3xRZ9EFf0FFhFA-LxKewxYRDeNBnjmbnMNtAhrxwjEDADZ6Rd3zBM7Hod2STDxVZ9Day_OTCUrNuoTKNJD7rNKUbBD2N7ePpXIJ1m0z013CyfHwihP2Th57-fn4Y-how2LsH8zpJAkwguBN8BXDOW_FqLDfrFzYXKHRGgRsL_DTEOnhwyHs5aVyJae6MNqRCpMxmVLCkKd87-xIb4Xe_-
GJlwiK-mKKEBSAysPp8ffWJO1IngCUVguctfO-0GpbHTTpL1_Zi2ncUgunw8tTQx2jBxdYDgmtLFUf1RB9Wf4mihzLfBD1rqMQisH1DBrxA2n0vd3wZspNXo0uDExg4mICBsmbAYesrFbAwjKnCQwLgkPF6w5OhrhwoefDmlriwr14Z-D-
Ntn2MhJnXWwgcMOKqlM9YnXWQzsVX31BlGsBNzVDgxqbgZduGg77CcmUgmQ90JcdqGOJOK2WsZCSEp7AShgBWyGF31moy1ULXNTU5DGPQLNV0B8utMY5FatYuw0gCu-92hiZH1wkw1sRUTHupfjCWJ7h01ROVrqXIv9wh0XiJ1H66eOqK4sp6lulyEhj-o3Hw5lywIilTinTveYlB03l9biTxPibzBbI042Z-
z0tkdrPr-rVVHG4vCW3cxf0DjrI7J5c_6_QQJPd--KW52So-ba0vzsJd9nyZrY8W-rZVDX-dDTcLsdbjWbxpB2V9JnfGzWVIpYLbb42NNtyzhUn2ihabe2_Ve0lnzpdlweaiiW43QudnG8pWGh38-
53IbpPCrDbVTsYzg9lLZvafm3O3xPKjRCU36j2heTjd3CipcevuXaTcVu1CS2pyFm1Vtb_lzc2DePIebXJW5pxrl13w9WEr2IrrkbTib-_O9yclOq6EjY4V3lOR4X82K3aMhmr5hX72Dyvz8fGyP19ws0uco_tNXrmqGYv3t-1JDr9U59j99180Xfx1ov34J8B_QEtYwg==
2k
Remove service catalog from tokens

Two Factor Authentication
A per-VPC policy
VPC is a property of a project
All projects in a given VPC share the policy
Entirely dynamic and configuration driven

POST /v2.0/tokens
{
"auth": {
"passwordCredentials": {
"username": "jsmith",
"password": "…”
}
}
}
Compatible for token generation
No changes for token validation
Proprietary extensions for resync

API Key
Designed for headless use cases
A replacement for username, password tuple
Create as many as you like
Revoke at will
Can be ephemeral

POST /api_key
X-Auth-Token A valid auth token (header)
source_project_id An optional source project (defaults to
current)
expires-at An optional expiry
role_ids An optional subset of roles
group_ids An optional subset of groups
ip_addresses An optional subset of sources (default
to the project’s compute VPC)

Limited Authentication Boundary
Blocked if the caller source is not whitelisted
Blocked if used from a different VPC
Blocked if used from a different project

Upstream blueprints/commits soon

Keystone at the Center of Our Universe

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (7)

Similar to Keystone at the Center of Our Universe

Similar to Keystone at the Center of Our Universe (20)

More from Subbu Allamaraju

More from Subbu Allamaraju (12)

Recently uploaded

Recently uploaded (12)

Keystone at the Center of Our Universe